You can use the ActiveDirectory Domains and Trusts snap-into specify the scope of authentication for users that areauthenticating through external trusts or forest trusts.

You are watching: When do you want to enable domain-wide authentication for a trust?

Membership in Domain Admins or Enterprise Admins,or equivalent, is the minimum required to complete this procedure.Review details about using the appropriate accounts and groupmemberships at http://go.microsoft.com/fwlink/?LinkId=83477.


*
To select the scope ofauthentication using the Windows interface

Open Active Directory Domains and Trusts. To openActiveDirectory Domains and Trusts, click Start, clickAdministrative Tools, and then clickActiveDirectory Domains and Trusts.

In the console tree, right-click the domain node forthe domain that you want to administer, and then clickProperties.

On the Trusts tab, under either Domainstrusted by this domain (outgoing trusts) or Domains thattrust this domain (incoming trusts), do one of thefollowing:

To select the scope of authentication forusers that are authenticating through an external trust, click theexternal trust that you want to administer, and then clickProperties. On the Authentication tab, click eitherDomain-wide authentication or Selectiveauthentication.To select the scope of authentication forusers that are authenticating through a forest trust, click theforest trust that you want to administer, and then clickProperties. On the Authentication tab, click eitherForest-wide authentication or Selectiveauthentication.
To perform this procedure, you must be amember of the Domain Admins group or Enterprise Admins group inActive Directory Domain Services (ADDS), or you must havebeen delegated the appropriate authority. As a security bestpractice, consider using Run as
to perform this procedure.For more information, search for "using run as" in Help andSupport.For an external trust, if you selectSelective authentication, you must enable permissionsmanually on the local domain and on the resource to which you wantusers in the external domain to have access.

See more: Fool Me One Time Shame On You!: J Cole Fool Me One Time, Fool Me Once

For a forest trust, if you selectSelective authentication, you must enable permissionsmanually on each domain and resource in the local forest to whichyou want users in the second forest to have access.You can use selective authentication only onexternal trusts and forest trusts.